Re: Openssh + Solaris 9 and authentication



Gladstone, Gary wrote:
We were locking a group of users off a Solaris 9 box by doing a
"passwd -l <user>". The users were unable to ssh into the box after
doing this either using their password or if they had an authorized_keys
file.

I'm not sure why ssh failed; I use a similar "trick" on my system to
ensure that admin users can only log in using authorized_keys and not
passwords.

However, users were still able to scp files onto the box if they had an
authorized_keys file. Is there a way to prevent this other than removing
the users' authorized_keys files?

No, as authorized_keys bypasses password authentication and hence being
locked out by passwd. What version of SSH are you using? It might be
an option to add these users to a particular group and disable public
key authentication for them. Or perhaps use some PAM restriction?

Ben
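
An added example, not part of the original thread: a POSIX shell check for the situation discussed above, listing accounts whose password is locked but which still have a non-empty authorized_keys file. It assumes the `*LK*` (Solaris `passwd -l`) and leading `!` (Linux `passwd -l`) lock markers and the default `<home>/.ssh/authorized_keys` location; the function names and sample data are constructed for illustration.

```shell
# locked_with_keys SHADOW_FILE PASSWD_FILE [HOME_PREFIX]
# Prints the login name of every account whose shadow password field is
# locked but whose home directory still holds a non-empty authorized_keys.
# HOME_PREFIX (assumption, for offline audits) is prepended to each home
# directory so the check can run against a copied tree.
locked_with_keys() {
    shadow=$1 passwd=$2 prefix=${3:-}
    while IFS=: read -r user hash _rest; do
        case $hash in
            '*LK*'*|'!'*) ;;   # locked: Solaris "*LK*" or Linux "!" prefix
            *) continue ;;     # not locked, nothing to report
        esac
        # Find the account's home directory (6th field of the passwd file).
        home=
        while IFS=: read -r pu _pw _uid _gid _gecos phome _shell; do
            if [ "$pu" = "$user" ]; then home=$phome; break; fi
        done < "$passwd"
        if [ -n "$home" ] && [ -s "$prefix$home/.ssh/authorized_keys" ]; then
            printf '%s\n' "$user"
        fi
    done < "$shadow"
}

# Constructed sample data (not from the thread): alice is locked and has a
# key, bob is locked without a key, carol has a key but is not locked.
demo_locked_with_keys() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'alice:*LK*:12000::::::' 'bob:*LK*:12000::::::' \
        'carol:aBcDeFgHiJkLm:12000::::::' > "$d/shadow"
    printf '%s\n' 'alice:x:101:10::/home/alice:/bin/sh' \
        'bob:x:102:10::/home/bob:/bin/sh' \
        'carol:x:103:10::/home/carol:/bin/sh' > "$d/passwd"
    mkdir -p "$d/home/alice/.ssh" "$d/home/bob/.ssh" "$d/home/carol/.ssh"
    echo 'ssh-rsa AAAA...constructed alice@example' \
        > "$d/home/alice/.ssh/authorized_keys"
    echo 'ssh-rsa AAAA...constructed carol@example' \
        > "$d/home/carol/.ssh/authorized_keys"
    locked_with_keys "$d/shadow" "$d/passwd" "$d"
    rm -rf "$d"
}
```

On a live system this would be run as root as `locked_with_keys /etc/shadow /etc/passwd`; it does not cover keys stored outside the home directory.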